SOX Source Code
One of the internal controls that a SOX audit examines
is the source code access process. It falls under one
or two of the IT internal controls.
SOX Audit
To pass the required tests, the company must provide
a source code access process that requires the owner
of the code to approve access before it is granted.
Only approved developers may have write access to the
source code, and those same developers must not have
access to the application in production.
In addition, access to the code must be reviewed
regularly, usually semi-annually, and an audit trail
of that review must be kept.
If you can provide this evidence, you can pass this
internal control test.
Evidence
- Prove there is a process for granting source
control access
- Provide regular access review to source code
- Show how the process works
- Provide user access lists
Sample SVN Access File
# Subversion path-based authorization (authz) file
[groups]
# developers approved by the code owner: write access to the repository
dev = mit\mjb, mit\bjl, umn\tjd
# source control management: the only group allowed to edit this file
scm = mit\dearking, umn\stixrud
[/]
@dev = rw
[/admin/svn_access]
# deny everyone first; without this line @dev would inherit rw from [/],
# because a section that does not mention a user falls back to the parent path
* =
@scm = rw
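The review evidence above can be generated from the authz file itself. The following Python script is an added example, not code from the original page: it reads an authz file, computes each user's effective access per path, lists who can write where, and flags writers to the code tree who also appear on a production access list. The authz text and the production account list are constructed sample data; the evaluation assumes Subversion's most-specific-path rule and, within a section, the user-over-group-over-wildcard precedence of Subversion 1.10 and later.

```python
import configparser

# Constructed authz text mirroring the page's sample (sample data, not a live file).
AUTHZ_TEXT = r"""[groups]
dev = mit\mjb, mit\bjl, umn\tjd
scm = mit\dearking, umn\stixrud
[/]
@dev = rw
[/admin/svn_access]
* =
@scm = rw
"""
# Constructed list of accounts that hold access to the production application.
PROD_ACCOUNTS = {r"umn\tjd", r"ops\jsmith"}


def parse_authz(text):
    """The authz format is INI-like, so configparser can read it."""
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None,
                                   delimiters=("=",))
    cp.optionxform = str  # keep usernames and group names case-sensitive
    cp.read_string(text)
    return cp


def groups_of(cp, user):
    # Names of the [groups] entries that list `user` as a member.
    return [g for g, members in cp.items("groups")
            if user in [m.strip() for m in members.split(",")]]


def effective_access(cp, user, path):
    """Walk from `path` up to '/'; the first section with a rule mentioning the
    user decides. Within a section a user rule outranks a group rule, which
    outranks $authenticated and '*' (Subversion 1.10+ precedence)."""
    candidates = [user] + ["@" + g for g in groups_of(cp, user)] + ["$authenticated", "*"]
    while True:
        if cp.has_section(path):
            for principal in candidates:
                if cp.has_option(path, principal):
                    return cp.get(path, principal) or ""  # '* =' yields ''
        if path == "/":
            return ""  # no rule anywhere: no access
        path = path.rsplit("/", 1)[0] or "/"


def access_review(cp, paths, prod_accounts):
    """Evidence for the periodic review: who can write to each path, and which
    writers to the code tree also hold production access (SoD violations)."""
    users = {m.strip() for _, v in cp.items("groups") for m in v.split(",")}
    writers = {p: sorted(u for u in users if "w" in effective_access(cp, u, p)) for p in paths}
    violations = sorted(u for u in writers.get("/", []) if u in prod_accounts)
    return writers, violations
```

Running `access_review(parse_authz(AUTHZ_TEXT), ["/", "/admin/svn_access"], PROD_ACCOUNTS)` yields the writer list per path and the one developer who also holds production access; removing the `* =` line shows the dev group inheriting write access to the access file from `[/]`.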
Links
SOX Source Code - Best Practices